Friday, April 24, 2015

A former employee of a health insurance provider was found to have screenshots of patients' personally identifiable information (PII) on her mobile phone.

The identity thefts took place during the period from 2007-2013 but the insurance company did not know about the data thefts until December 2014 when they were notified by the IRS.

"the former employee’s personal cell phone was confiscated and pictures of screen shots from [the insurance company's] computer screens were found on it." - insurance company letter to attorney general's office

Unfortunately, third parties, rather than the organization holding the PII, are often the first to discover identity thefts. However, this is not the case for organizations that utilize low-cost on-demand SaaS analytics to proactively detect identity thefts and data privacy breaches, even when a mobile phone is used to capture screenshots.